What are the key concepts of Risk Management?

Risk Assessment is the process for identifying the threats and vulnerability as they related to the existing controls as well as the impact if the threats become real. Some key concepts of risk management are –

Vulnerability – a weakness in the information system that can be potentially exploited by a threat.

Threat – a potential danger, which is harmful to an information system, whether intentional or accidental.

Risk – the likelihood that a threat will take advantage of vulnerability.

Exposure – the instance when losses are exposed due to a threat.

Assets – the business resources attributed to the system, including hardware, software, personnel, documentation, and data.

Controls – mechanisms in place to reduce, mitigate, or transfer risk.

Safeguards – controls that provide some protection to assets.

Countermeasures -controls developed through risk analysis to reduce vulnerabilities.

Risk mitigation – an effort to select and implement controls with the purpose to reduce risk to acceptable levels.

for more information about risk management and to be well prepared for your SSCP exam – sign up for the SSCP exam preparation course: